System and method for authorizing software use
Abstract
A software vendor freely distributes software to users and issues smart cards to be used with the software. The smart card includes at least one software module missing from the software package and a list of allowed functionality dictating the capabilities of the software package. A user authenticates, using, e.g., public key cryptography, the smart card, which authorizes the use of the software. Once authorized, the module missing from the software is reunited with the rest of the software package. The software can be used limited to the allowed functionality included with the card. If more or different functionality is needed, the user can purchase another card authorizing such additional functionality, and then transfer the new functionality to the old smart card.
Claims
exact text as granted — not AI-modified1 . A method for authorizing use of a software package distributed to a user, the method comprising:
issuing the user a smart card granting access to the software package; and granting the user access rights to the software package by authenticating the smart card, wherein the smart card includes at least one software module missing from the software package and a list of allowed software functionality.
2 . The method according to claim 1 , wherein the authenticating is performed using asymmetric cryptography.
3 . The method according to claim 2 , wherein the asymmetric cryptography is public key cryptography.
4 . The method according to claim 3 , wherein issuing a smart card comprises:
generating a public key and private key pair for the smart card; issuing a digital certificate for the smart card, including the smart card's public key; digitally signing the smart card certificate to produce an encrypted digest; issuing a digital certificate for the vendor of the software package; and loading onto the smart card the public and private key pair, the smart card certificate, the encrypted digest, and the vendor's certificate.
5 . The method according to claim 4 , wherein digitally signing the smart card certificate comprises:
generating a digest of the smart card certificate using a hash function; and encrypting the digest using a private key of the vendor.
6 . The method according to claim 4 , wherein authenticating the smart card comprises:
decrypting the encrypted digest to generate a first digest; generating a second digest by running a hash function on the smart card certificate; and comparing the first digest to the second digest, wherein if the first digest and the second digest are the same, the public key of the smart card certificate is authentic.
7 . The method according to claim 6 , further comprising:
using the smart card certificate's public key to send a challenge to the smart card; and decrypting the challenge using the smart card certificate's private key.
8 . The method according to claim 1 , wherein the authenticating is performed using biometrics.
9 . The method according to claim 8 , wherein the biometrics includes scanning a user's thumbprint or iris.
10 . The method according to claim 1 , wherein the allowed software functionality comprises supporting at least one client.
11 . The method according to claim 1 , wherein the allowed software functionality comprises supporting at least one of mirroring and replication.
12 . The method according to claim 1 , further comprising operating the software package in accordance with the allowed software functionality included on the smart card.
13 . The method according to claim 1 , further comprising operating the software package by incorporating from the smart card into the software the at least one software module missing from the software package to produce a complete and operative software package.
14 . The method according to claim 13 , further comprising periodically checking the presence of the smart card in order to authorize continued operation of the software package.
15 . The method according to claim 1 , further comprising changing the allowed software functionality by issuing a new smart card.
16 . The method according to claim 15 , wherein the new smart card includes a list of additional allowed software functionality.
17 . The method according to claim 16 , further comprising authenticating the smart card and the new smart card using public key cryptography.
18 . The method according to claim 17 , further comprising retrieving the smart card certificate and storing it in a memory location.
19 . The method according to claim 18 , further comprising:
authenticating the smart card certificate; placing into a package data representing the additional allowed software functionality; encrypting the package using the smart card's public key; adding a timestamp to the encrypted package; and digitally signing the encrypted package to produce an encrypted digest.
20 . The method according to claim 19 , further comprising:
removing the additional allowed software functionality from the new smart card and storing it in the memory location; retrieving the new smart card certificate and storing it in the memory location; and authenticating the new smart card certificate.
21 . The method according to claim 20 , wherein authenticating the new smart card certificate comprises:
decrypting the encrypted package; and adding the additional allowed software functionality to the smart card.
22 . The method according to claim 1 , wherein the software package is used on a computer network.
23 . A system for authorizing use of a software package, comprising:
a smart card having at least one software module missing from the software package and a list of allowed software functionality, wherein a user is granted access rights to the software package by authenticating the smart card.
24 . The system according to claim 23 , wherein the authenticating is performed using asymmetric cryptography.
25 . The system according to claim 24 , wherein the asymmetric cryptography is public key cryptography.
26 . The system according to claim 25 , wherein the smart card further comprises a public key and private key pair generated for the smart card, a digital certificate for the smart card including the smart card's public key, an encrypted digest of the smart card certificate, and a certificate for the vendor of the software package.
27 . The system according to claim 26 , wherein the encrypted digest is generated by performing a one-way hash function on the smart card certificate to produce a digest, and the digest is encrypted using a private key of the vendor.
28 . The system according to claim 23 , wherein the authenticating is performed using biometrics.
29 . The system according to claim 28 , wherein the biometrics includes scanning a user's thumbprint or iris.
30 . The system according to claim 23 , wherein the allowed software functionality comprises supporting at least one client.
31 . The system according to claim 23 , wherein the allowed software functionality comprises supporting at least one of mirroring and replication.
32 . The system according to claim 23 , wherein the software package is operated in accordance with the allowed software functionality included on the smart card.
33 . The system according to claim 23 , further comprising a new smart card having a list of additional allowed software functionality.
34 . The system according to claim 33 , wherein the additional allowed software functionality is added to the smart card.
35 . A smart card for authorizing use of a software package, comprising:
at least one software module missing from the software package; and a list of allowed software functionality, wherein a user is granted access rights to the software package by authenticating the smart card.
36 . The smart card according to claim 35 , wherein the authenticating is performed using public key cryptography.
37 . The smart card according to claim 36 , further comprising:
a public key and private key pair generated for the smart card; a digital certificate for the smart card including the smart card's public key; an encrypted digest of the smart card certificate; and a certificate for the vendor of the software package.
38 . The smart card according to claim 37 , wherein the encrypted digest is generated by performing a one-way hash function on the smart card certificate to produce a digest, and the digest is encrypted using a private key of the vendor.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.